
Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large)

pdontthink 15 years ago
parent
commit
6a87c99bc2
2 changed files with 6 additions and 4 deletions
  1. 2 0
      doc/ChangeLog
  2. 4 4
      functions/strings.php

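--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -340,6 +340,8 @@ Version 1.5.2 - SVN
   - Fix error with SpamCop reporting plugin not being able to send report as
     emails (#1795310).
   - Fix typo in SpamCop plugin.
+  - Reduced default time security tokens stay valid from 30 days to 2 days
+    (reduces chances of session data growing too large)
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------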

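--- a/functions/strings.php
+++ b/functions/strings.php
@@ -1468,7 +1468,7 @@ function sm_truncate_string($string, $max_chars, $elipses='',
   *
   * @param boolean $purge_old Indicates if old tokens
   *                           should be purged from the
-  *                           list ("old" is 30 days or
+  *                           list ("old" is 2 days or
   *                           older unless the administrator
   *                           overrides that value using
   *                           $max_security_token_age in
@@ -1494,7 +1494,7 @@ function sm_get_user_security_tokens($purge_old=TRUE)
    //
    if ($purge_old)
    {
-      if (empty($max_token_age_days)) $max_token_age_days = 30;
+      if (empty($max_token_age_days)) $max_token_age_days = 2;
       $now = time();
       $discard_token_date = $now - ($max_token_age_days * 86400);
       $cleaned_tokens = array();
@@ -1562,7 +1562,7 @@ function sm_generate_security_token()
   * from the user's preferences if it was valid.  If the token
   * is too old but otherwise valid, it will still be rejected.
   *
-  * "Too old" is 30 days or older unless the administrator
+  * "Too old" is 2 days or older unless the administrator
   * overrides that value using $max_security_token_age in
   * config/config_local.php
   *
@@ -1628,7 +1628,7 @@ function sm_validate_security_token($token, $validity_period=0, $show_error=FALS
 
    // reject tokens that are too old
    //
-   if (empty($max_token_age_days)) $max_token_age_days = 30;
+   if (empty($max_token_age_days)) $max_token_age_days = 2;
    $old_token_date = $now - ($max_token_age_days * 86400);
    if ($timestamp < $old_token_date)
    {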
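Review bot: The fallback `2` is hard-coded twice, in sm_get_user_security_tokens() (hunk at 1494) and in sm_validate_security_token() (hunk at 1628), and restated in two docblocks, so the purge cutoff and the validation cutoff can silently drift apart the next time the default changes; a single shared constant or small helper returning the effective age would keep them in step. `empty()` also only catches an unset or zero override: a negative or non-numeric $max_security_token_age would, as far as these lines show, push the cutoff to the present or the future and cause every token to be rejected, so a guard such as `if (!is_numeric($max_token_age_days) || $max_token_age_days <= 0) $max_token_age_days = 2;` is safer in both places. Both function bodies start and end outside the hunks, so how $max_token_age_days is populated from the configuration is not visible here.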